I'm on vacation, a day to recharge and get some things done. I still wanted to get on Delphi today, but between shopping, cleaning the house, a birthday dinner and a walk, I don't know if I'll manage everything. Lack of time is a constant, in personal life as much as in business. Deep down there is always time to arrange what we like; for what we don't like, not so much ... and that is sometimes disturbing IMHO.
I'm not much for plagiarizing, but I'm doing a full paste because I found a very interesting article on this blog, which can be seen here: http://paradigma.pt/gngs/view.php?pid=538
DDoS history
Thu May 11 2006 15:30
In the past two days of this month, the confrontation between spammers and an anti-spam service has taken on gigantic proportions, leading to considerable collateral damage within the structure of the Internet.
Apparently a professional spammer decided that the Blue Security anti-spam service was having such success that it was directly lowering the revenue from his economic activity as a spammer, and so decided to mount an attack against the company.
Blue Security's approach to fighting spam goes after the source, i.e. whoever pays for the spam to exist: the companies whose products the emails advertise. When the service detects a spam mail, it transparently and automatically sends an email to that company saying the user does not want to receive its emails (the right to opt out).
This process causes the companies named in the spam mails to be themselves deluged by emails.
The attack carried out by "PharmaMaster" had basically three phases. The first consisted of sending mails to the community stating that the service did not meet its objectives, the mail itself being the proof. This method was probably not very successful, which led the spammer to move to the second stage.
It was this phase that drew my attention to the matter, because the attacker managed to isolate Blue Security to its country of origin, Israel, i.e. the site could only be reached from within its own country. At the time, all the information available on the subject was that the attacker had managed to get blackhole filtering placed on routers somewhere along the line of the international ISPs upstream of Blue Security's national ISP.
Blackhole filtering, in practical terms, is simply installing a route that sends all traffic for a particular host or network to a dummy (null) interface. I began to wonder how the spammer had managed such a feat, and three possibilities came to mind:
1) The attacker had somehow hacked the routers.
2) The attacker had launched a DDoS attack against the routers with the source of the packets spoofed to the IP of Blue Security's website, and the backbone administrators chose to defend themselves by installing a blackhole, which seemed to me an irresponsible decision since it is well known that spoofing the source in UDP and ICMP is trivial.
3) The attacker had launched a DDoS attack against the Blue Security website itself, and the backbone administrators, to preserve their network's bandwidth and the smooth functioning of their other clients, gave up serving Blue Security's IP by putting blackhole filtering in place. This theory was soon set aside when the Blue Security administrators noted that they had not been victims of any DDoS attack.
In the end "PharmaMaster" did none of this: he used his social contacts and convinced a "friend" with administrative powers to put these blackhole routes in place.
# [Tier-1 ISP name withheld] says: Yes wont b the problem, I'll make sure to block all traffic to this domain very soon just get me reports mate "
# [Tier-1 ISP name withheld] Will block traffic to your websites, god i love this war "
If this really happened, what kind of "professionals" do we have managing the major Internet backbones? And did nobody run a traceroute to identify which of the ISPs was dropping the route, and then hold that company responsible? Weird ...
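As an added illustration of the blackhole filtering described above, and of why a traceroute would have pinpointed the ISP that installed it: example code written for this page, not from the quoted article, Blue Security or any ISP. It models a chain of routers, each doing the longest-prefix-match lookup real routers do, and shows that a single /32 null route on one transit router swallows traffic for the victim alone while the rest of its /24 keeps flowing. The router names, the 203.0.113.0/24 documentation range and the victim address 203.0.113.10 are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass, field

# Hypothetical topology for illustration: an edge router, a transit (Tier-1) router,
# the national ISP and the hosting network. Addresses come from the 203.0.113.0/24
# documentation range; the "victim" 203.0.113.10 is a constructed stand-in.

@dataclass
class Router:
    name: str
    # (network, next_hop): next_hop is another router's name, "deliver" when the
    # destination network is directly attached, or None for a null (blackhole) route.
    routes: list = field(default_factory=list)

    def lookup(self, dst):
        """Longest-prefix match: the most specific matching route wins."""
        best = None
        for net, next_hop in self.routes:
            if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, next_hop)
        return best


def build_topology(blackhole_victim):
    net = ipaddress.ip_network
    routers = {
        "edge":    Router("edge",    [(net("0.0.0.0/0"), "transit")]),
        "transit": Router("transit", [(net("203.0.113.0/24"), "il_isp")]),
        "il_isp":  Router("il_isp",  [(net("203.0.113.0/24"), "hosting")]),
        "hosting": Router("hosting", [(net("203.0.113.0/24"), "deliver")]),
    }
    if blackhole_victim:
        # A single /32 null route on the transit router. Being more specific than the
        # /24, it wins the lookup for the victim only; its neighbours are unaffected.
        routers["transit"].routes.append((net("203.0.113.10/32"), None))
    return routers


def forward(routers, start, dst_ip):
    """Follow a packet hop by hop. Returns (outcome, list_of_routers_traversed).

    The hop list is what a traceroute from `start` would reveal: probes stop being
    forwarded at the router holding the null route, which points at the responsible ISP.
    """
    dst = ipaddress.ip_address(dst_ip)
    hops, current, seen = [], start, set()
    while current not in seen:
        seen.add(current)
        router = routers[current]
        hops.append(router.name)
        match = router.lookup(dst)
        if match is None:
            return "no route", hops
        net, next_hop = match
        if next_hop is None:
            return f"blackholed at {router.name} by {net}", hops
        if next_hop == "deliver":
            return "delivered", hops
        current = next_hop
    return "routing loop", hops


if __name__ == "__main__":
    for blackhole in (False, True):
        routers = build_topology(blackhole)
        for victim in ("203.0.113.10", "203.0.113.20"):
            outcome, hops = forward(routers, "edge", victim)
            print(f"blackhole={blackhole} dst={victim}: {outcome} via {' -> '.join(hops)}")
```

With the null route installed, the victim's packets die at "transit" while its neighbour 203.0.113.20 is still delivered through all four hops; that divergence between two traces to the same /24 is exactly what would have named the ISP in question.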
Once isolated from the rest of the world, Blue Security decided to put a CNAME in its nameservers pointing to a blog (http://bluesecurity.blogs.com) hosted at Six Apart, and here began the third phase of the attack. The spammer decided to launch a SYN-flood DDoS against Six Apart's servers and against Tucows' nameservers so that Blue Security would be left with no online "voice" at all; this led to several thousand machines having their services inaccessible for several hours.